1. Go to the settings:
    - To allow external IdP logins by default, go to your instance default settings at `${CUSTOM_DOMAIN}/ui/console/instance?id=general`.
    - To allow external IdP logins on an organization, go to `${CUSTOM_DOMAIN}/ui/console/org-settings?id=login` and ensure you have the right org context.
2. Modify your login policy in the menu "Login Behavior and Security"
3. Enable the attribute "External Login allowed"

You can also change these settings directly through the API, either in the default settings or for a specific organization:
- [Update Default Login Settings](/docs/apis/resources/admin/admin-service-update-login-policy)
- [Update Organization Login Settings](/docs/apis/resources/mgmt/management-service-update-custom-login-policy)

![Allow External IDP](/img/guides/zitadel_allow_external_idp.png)

